1. Technical Field
Example embodiments of the present invention relate in general to a technology of authenticating a user, and more particularly, to a method of generating a one-time password (OTP) based on user secret information that is input by a user, and an apparatus for performing the same.
2. Related Art
The development of network technology has made various online services, such as banking, shopping, gaming, and payment, available to users through various information communication devices. In this case, permission to use an online service is granted only to an authenticated user, in order to protect the private information of users.
In this regard, a user generates a login account including a user identification (ID) and a password to receive permission to use an online service. The generated login account is registered in a server that manages online services. When a user enters an ID and a password for a desired online service, the entered ID and password are compared with the login account registered in the server, and the service is provided to the user only if the ID and password match the login account.
The above-described user authentication through an interconnection between a user and a server is currently used in most online services. However, the ID and the password of the user, transmitted through a communication network, may be exposed to an attacker who accesses the network, which results in misappropriation of the ID and password.
In particular, entering only an ID and a password is of limited use in preventing security incidents in electronic banking services, such as internet banking or mobile banking.
To overcome the above drawbacks, a method has been suggested in which a user is authenticated by being granted a One-Time Password (OTP) when using an online service and entering the OTP together with login information. The OTP is generated by a user terminal or an OTP granting server so as to be valid for a limited time, or for a single login only, and is provided to the user.
However, such a method has poor security in that an OTP may be generated without permission once the user terminal that generates the OTP is stolen or lost, or is hacked by means of malicious code or viruses.